PERSONAL AUTHENTICATION SYSTEM, AND PERSONAL AUTHENTICATION 
METHOD AND PROGRAM USED THEREFOR 

BACKGROUND OF THE INVENTION 
Field of the Invention 

The present invention relates to a personal authentication 
system, a personal authentication method used for various 
services, and a personal authentication program, and in 
particular, to a personal authentication method for various 
services such as credit and medical services. 

Description of the Related Art 

With conventional credit services , if a person is to utilize 
a credit company to purchase a commodity or receive a service, 
he presents a credit card issued by the credit company beforehand 
and signs a document describing a consideration for the commodity 
or service so that the consideration can be settled later using 
a personal settling account registered with the credit company. 

Further, if a person is to purchase a commodity or receive 
a service online via the Internet or the like, personal 
authentication is executed using a credit number issued by the 
credit company, an issued year and month, and a password composed 
of a simple combination of digits so that the consideration is 
settled using a personal settling account registered with the 
credit company. 

Furthermore, if a person is to utilize a credit company 
to pay the price of the utilization of a general public line 



service (a public telephone) for a telephone call, data 
communication, or the like, personal authentication is also 
executed using a credit number issued by the credit company, 
an issued year and month, and a password composed of a simple 
combination of digits so that the consideration is settled using 
a personal settling account registered with the credit company. 
In this case , the consideration can also be settled using a prepaid 
card issued by the telephone company. 

Moreover, when a person visits a hospital, he presents his 
consultation card issued by the hospital, at a hospital clerk's 
window to receive his medical sheet, examination data, or the 
like and after diagnosis or treatment, returns the medical sheet 
and pays medical expenses at the hospital clerk's window. 

On the other hand, when a person applies to a government 
office for a passport, a driver's license, or various other 
licenses , he executes a clerical procedure by obtaining a document 
such as a copy of a certificate of residence , a copy of the portion 
of his family register which relates to him, or a copy of his 
family register and presenting at an application officer ' s window 
an ID card that identifies him. 

Further, when a person is to borrow a book from a library, 
he presents his ID card beforehand to have a librarian prepare 
and issue a loan card which must be presented whenever he borrows 
or returns a book. 

Moreover, if a person is to use a facility in a private 
sports gym or the like or receive a service therefrom, he executes 
a registration procedure beforehand and generally presents an 
issued membership card to use the facility or receive the service . 
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The person presents his membership card each time he utilizes 
the sports gym. 

Entries to and exits from facilities such as private or 
corporate premises or buildings for which entries and exits are 
5 limited are managed by having visitors present their entry permits , 
ID cards, or the like or executing collations against previously 
registered passwords. 

With the above described conventional personal 
authentication systems , when a person is to purchase a commodity 

10 or receive a service and is to utilize a service from a credit 
company by presenting a credit card to the company but if he 
fails to have the credit card with him or loses it, he cannot 
receive the service or the credit card may be abused by a third 
person. Further, if the credit card is forged, such services 

15 may be illegally utilized. 

Further , if a person is to purchase a commodity or receive 
a service online via the Internet or the like, he must present 
information including a credit card number, an issued year and 
month, and a password. If the person forgets these information, 

20 even this person cannot purchase the commodity or receive the 
service. In this case, since these information is easily 
available, it may be abused by a third person. 

Furthermore, not only cash but also a prepaid card or a 
service from a credit company can be used as a means for paying 

25 the price of the utilization of a general public line service, 
but this means also requires a card or information such as that 
described above. If the person fails to have cash or his card 
with him or forgets the information required for the credit service , 



even this person, who is a regular user of this service, cannot 
utilize it and the card may also be forged and illegally utilized . 

Moreover, when a person visits a hospital, he presents his 
consultation card issued by the hospital so as to be identified. 
Consequently, personal information such as a medical history 
may leak due to the abuse of a lost or forged consultation card. 
In this case, if a person is to utilize a service from a credit 
company to pay medical expenses , he must have his credit card 
with him in addition to his consultation card. If he fails to 
have it with him or loses it , he cannot receive the service . 

When a person applies to a government office for various 
licenses, he must prepare in advance a document such as a copy 
of a certificate of residence, a copy of the portion of his family 
register which relates to him, or a copy of his family register 
and presenting at an application officer's window an ID card 
that identifies him. Accordingly, the clerical procedure is 
cumbersome . 

Further, when a person borrows a book from a library, he 
must present a previously issued loan card. If he fails to have 
the card with him, he cannot borrow the book; if he loses the 
card, he must have a new loan card issued. Thus , it is cumbersome 
to manage the loan card. 

Moreover, if a person utilizes a private facility or receives 
a service therefrom, he must present a previously issued 
membership card. If he fails to have the membership card with 
him, he cannot utilize the facility. Additionally, if he loses 
the card, it may be abused. 



Furthermore, to enter or leave facilities such as private 
or corporate premises or buildings for which entries and exits 
are limited, a person must present a previously issued entry 
permit, his ID card, or the like or have his password collated 
against a previously registered one. If he fails to have the 
permit or ID card with him or forgets the password, he is not 
allowed to enter or leave the facility. If he loses the permit 
or ID card or the password leaks, a third person may illegally 
enter or leave the facility. 

SUMMARY OF THE INVENTION 

It is thus an object of the present invention to provide 
a personal authentication system, a personal authentication 
method used for various services and a personal authentication 
program which enables a person to receive a service without 
carrying a card or the like with him, thereby preventing a third 
person from abusing the card or the like, for example, 
misappropriating or forging it and also preventing the leakage 
of personal information. 

The present invention provides a personal authentication 
system for connecting, via a communication line, an 
authentication server for authenticating a client to identify 
the client to an authentication terminal for inputting 
authentication information required for the personal 
authentication , wherein : 

the system has a database for storing at least personal 
authentication data required for the personal authentication. 



settling account information required to process charges, and 
data required to receive various services , and 

the authentication server has a function of collating the 
authentication information input from the authentication 
terminal via the communication line, against the personal 
authentication data stored in the database, a function of 
processing charges based on the settling account information 
registered in the database based on a request from the 
authentication terminal when the client is authenticated during 
the identification, and a function of providing, registering, 
and managing personal data registered beforehand in the database 
based on a request from the authentication terminal when the 
client is authenticated during the identification and 
periodically communicating a collation history, a personal data 
usage history, and a charge process history. 

The present invention provides a personal authentication 
method for a personal authentication system for connecting, via 
a communication line, an authentication server for 
authenticating a client to identify the client to an 
authentication terminal for inputting authentication 
information required for the personal authentication, wherein: 

the system has a database for storing at least personal 
authentication data required for the personal authentication, 
settling account information required to process charges, and 
data required to receive various services, and 

the authentication server has a step of collating the 
authentication information input from the authentication 
terminal via the communication line, against the personal 



authentication data stored in the database, a step of processing 
charges based on the settling account information registered 
in the database based on a request from the authentication terminal 
when the client is authenticated during the identification, and 
a step of providing, registering, and managing personal data 
registered beforehand in the database based on a request from 
the authentication terminal when the client is authenticated 
during the identification and periodically communicating a 
collation history, a personal data usage history, and a charge 
process history. 

The present invention provides a personal authentication 
program for a personal authentication system for connecting, 
via a communication line, an authentication server for 
authenticating a client to identify the client to an 
authentication terminal for inputting authentication 
information required for the personal authentication, wherein: 

the system has a database for storing at least personal 
authentication data required for the personal authentication 
andpreviously registered, settling account information required 
to process charges , and data required to receive various services , 
and 

the authentication server has a step of collating the 
authentication information input from the authentication 
terminal via the communication line, against the personal 
authentication data stored in the database, a step of processing 
charges based on the settling account information registered 
in the database based on a request from the authentication terminal 
when the client is authenticated during the identification, and 



a step of providing, registering, and managing personal data 
registered beforehand in the database based on a request from 
the authentication terminal when the client is authenticated 
during the identification and periodically communicating a 
collation history, a personal data usage history, and a charge 
process history. 

That is, the personal authentication system of the present 
invention is characterized by being an online credit service 
comprising a communication line, and an authentication server, 
a client terminal , and an authentication terminal each connected 
to the communication line. 

The authentication server registers and manages personal 
authentication data for identifying a client , a settling account 
for processing charges , and other data required to receive various 
services . The authentication server also has the function of 
collating the personal authentication data based on a request 
from the authentication terminal, processing charges for an 
identified individual from a previously registered settling 
account based on a request from the authentication terminal, 
providing, registering, and managing personal data registered 
previously for the authenticated individual as required based 
on a request from the authentication terminal, and periodically 
communicating a collation history , a personal data usage history , 
and a charge process history to the client terminal. 

The personal authentication by the authentication server 
may be based on the client's fingerprint, voiceprint, or iris 
pattern. The personal authentication is also possible with a 
password input by the client. 



A method for communicating the personal data, the collation 
history, the personal data usage history, and the charge process 
history to the client terminal may be based on electronic mails 
or home pages . 

The authentication terminal or its functions may be 
installed at stores, ticket gates of transportation facilities, 
public telephones , hospital clerks ' windows , government 
officers' windows, various service providing facilities such 
as libraries and sports gyms , entrances to or exits f romf acilities 
such as private and corporate premises and buildings for which 
entries and exits are limited, etc. 

The present invention thereby provides the personal 
authentication service, and in particular, authenticates a 
client via a network such as the Internet and enables services 
as required; the services include the purchase of a commodity, 
the settlement of the consideration for a service, and the use 
of previously registered personal data. 

BRIEF DESCRIPTION OF THE DRAWINGS 
FIG. 1 is a block diagram showing the configuration of a 

personal authentication system according to a first embodiment 

of the present invention; 

FIG. 2 is a flowchart showing a process operation by the 

authentication server in FIG. 1; 

FIG. 3 is a flowchart showing a process operation by the 

authentication server in FIG. 1; 



FIG. 4 is a block diagram showing the configuration of a 
personal authentication system according to a second embodiment 
of the present invention; 

FIG. 5 is a flowchart showing a process operation by the 
authentication server according to a third embodiment of the 
present invention; 

FIG. 6 is a block diagram showing the configuration of a 
personal authentication system according to a fourth embodiment 
of the present invention; 

FIG. 7 is a flowchart showing a process operation by the 
authentication server in FIG. 6; 

FIG. 8 is a flowchart showing a process operation by the 
authentication server according to a fifth embodiment of the 
present invention; 

FIG. 9 is a flowchart showing a process operation by the 
authentication server according to a sixth embodiment of the 
present invention ; 

FIG. 10 is a flowchart showing a process operation by the 
authentication server according to a seventh embodiment of the 
present invention ; 

FIG. 11 is a flowchart showing a process operation by the 
authentication server according to an eighth embodiment of the 
present invention ; 

FIG. 12 is a flowchart showing a process operation by the 
authentication server according to a ninth embodiment of the 
present invention ; 



FIG. 13 is a flowchart showing a process operation by the 
authentication server according to a tenth embodiment of the 
present invention ; 

FIG. 14 is a flowchart showing a process operation by the 
authentication server according to an eleventh embodiment of 
the present invention; and 

FIG. 15 is a flowchart showing the configuration of the 
authentication server according to a twelfth embodiment of the 
present invention . 

DESCRIPTION OF THE PREFERRED EMBODIMENT 
Next , embodiments of the present invention will be described 
with reference to the drawings. FIG. 1 is a block diagram of 
the configuration of a personal authentication system according 
to a first embodiment of the present invention. In FIG. 1, the 
personal authentication system according to the first embodiment 
of the present invention comprises an authentication server 1, 
a database 2 , a client terminal 3 , and an authentication terminal 
4, wherein the authentication server 1, the client terminal 3, 
and the authentication terminal 4 are connected together via 
a communication line 100 such as the Internet. 

If the personal authentication system according to the first 
embodiment of the present invention is used, a client first 
registers personal authentication data identifying him, a 
settling account for paying considerations for commodities or 
services purchased by the client, and personal data required 
for various services provided by the authentication server 1, 
in the database 2 connected to the authentication server 1 , by 



means of a process using the customer terminal 3 or a terminal 
(not illustrated) connected to the authentication server 1 via 
the communication line 100 such as the Internet, or by mail, 
facsimile, or other offline means. 

Subsequently, the client sends data identifying him to the 
authentication server 1 using the authentication terminal 4 . 
The authentication server 1 collates the data sent from the 
authentication terminal 4 against personal authentication data 
registered in the database 2 to identify the client and sends 
the result to the authentication terminal 4. 

Further, after the authentication, when the client uses 
the authentication terminal 4 as required to request the 
authentication server 1 to pay charges from the settling account 
registered previously in the database 2 of the authentication 
server 1, the authentication server 1 executes a process based 
on the sent request. 

The client also uses the authentication terminal 4 as 
required to request the authentication server 1 to execute a 
read or modification of the personal data registered previously 
in the database 2 of the authentication server, new registration 
of such data , or the like , and the authentication server 1 executes 
a process based on the sent request . The authentication server 
1 communicates the histories of personal authentication 
collations and accesses to the personal data to the client . 

FIGS . 2 and 3 are flowcharts showing the processing operation 
of the authentication server 1 in FIG. 1. The processing 
operation of the personal authentication system according to 



the first embodiment of the present invention will be described 
with reference to FIGS. 1 to 3. 

To register the personal data from the client terminal 3 
(step SI in FIG. 2) , the authentication server 1 registers, in 
the database 2, the personal authentication data identifying 
the client, the settling account for paying the considerations 
for commodities and services purchased by the client, and the 
other personal data required for various services provided by 
the authentication server 1 (step 2 in FIG. 2) . Alternatively, 
if personal authentication data have been sent from the 
authentication terminal 4 (step S3 in FIG. 2), the authentication 
server 1 collates the sent data against the personal 
authentication data registered in the database 2 (step S4 in 
FIG. 2) to identify the client (step S5 in FIG. 2). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it not if ies the authentication terminal 
4 that the client is unidentified (step S6 in FIG. 2). When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S7 in FIG. 2) . 

After the authentication server 1 has notified the 
authentication terminal 4 that the client is identified, that 
is, when it receives a process request from the authentication 
terminal 4 after the authentication (step S8 in FIG. 2), it 
executes the process indicated in the sent request (step S9 in 
FIG. 2) . The authentication server 1 repeats the above process 
operation until the process is completed (step S10 in FIG. 2) . 
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On the other hand, if the authentication server 1 executes 
the process requested by the authentication terminal 4 , it first 
checks whether the client has been authenticated (step Sll in 
FIG. 3) and if he has been authenticated, determines the type 
of the request . 

If the request is for charge payment (step S12 in FIG. 3) , 
the process of paying charges from the settling account registered 
previously in the database 2 is executed (step S13 in Figure 
3 ) . If the request is for a read of the personal data ( step 
S14 in FIG. 3, the authentication server 1 reads out the personal 
data registered previously in the database 2 and then communicates 
the readout data (step S15 in FIG. 3). If the request is for 
a modification of the personal data (step S16 in FIG. 3), the 
authentication server 1 reads out and modifies the personal data 
registered previously in the database 2 to renew the contents 
of the database 2 (step S17 in FIG. 3). 

After executing the process corresponding to the 
above-mentioned request, the authentication server 1 
communicates thehistories of personal authentication collations 
and accesses to personal data from the database 2 to the client 
(step S18 in FIG. 3). The authentication server 1 repeats the 
above process operation until the process is completed (step 
S19 in FIG. 3). 

In this manner , the authentication server 1 can authenticate 
the client via the network such as the Internet and execute 
services also via the network as required, the services including 
the purchase of a commodity, the settlement of the consideration 
for a service, and the use of the previously registered personal 



data. This avoids the situation where the client cannot receive 
a service because he fails to carry his card or the like with 
him or loses it, thus preventing the abuse of the card or the 
like by a third person and the leakage of the personal information . 

FIG. 4 is a block diagram showing the configuration of a 
personal authentication system according to a second embodiment 
of the present invention . In FIG . 4 , the personal authentication 
system according to the second embodiment of the present invention 
has a configuration similar to that of the personal authentication 
system according to the first embodiment of the present invention 
except for a personal authentication data input mechanism 5, 
and the same components are denoted by the same reference numerals . 
Further, the same components perform operations similar to those 
in the personal authentication system according to the first 
embodiment of the present invention. 

The personal authentication data input mechanism 5 is used 
to input individual data specific to the client such as his 
fingerprint, voiceprint, or iris pattern, which is used as the 
personal authentication data. A password input by the client 
can be input from either the authentication terminal 4 or the 
personal authentication data input mechanism 5. 

FIG. 5 is a flowchart showing the process operation of an 
authentication server according to a third embodiment of the 
present invention. The process operation of a personal 
authentication system according to the third embodiment of the 
present invention will be described with reference to FIG. 5. 
The steps in Figure 5 other than steps S28 and S29 are similar 
to steps Sll to S17 and S19 in FIG. 3, so the description of 
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the operations of these steps is omitted. Further, the 
configuration of the personal authentication system according 
to the third embodiment of the present invention is similar to 
that of the personal authentication system according to the first 
embodiment of the present invention shown in FIG . 1 or the personal 
authentication system according to the second embodiment of the 
present invention shown in FIG. 4 , so its description is omitted. 

The personal authentication system according to the third 
embodiment of the present invention periodically communicates 
the histories of personal authentication collations and accesses 
to personal data to the client by electronic mail at preset 
specified dates and times (for example, once per month) (step 
S28 in FIG. 5) . At the times other than the preset specified 
dates and times (for example, once per month) (step S28 in FIG. 
5) , the histories are recorded (step S29 in FIG. 5) . The histories 
of personal authentication collations and accesses to personal 
data may be communicated each time a process (an access) is 
completed . 

FIG. 6 is a block diagram showing the configuration of a 
personal authentication system according to a fourth embodiment 
of the present invention . In FIG . 6 , the personal authentication 
system according to the fourth embodiment of the present invention 
has a configuration similar to that of the personal authentication 
system according to the second embodiment of the present invention 
except for a home page server 6 for showing home pages and an 
identification mechanism 7 such as a fire wall, and the same 
components are denoted by the same reference numerals . The same 
components perform operations similar to those in the personal 



authentication system according to the second embodiment of the 
present invention . 

The home page server 6 is installed so as to be connected 
to the authentication server 1 and is connected to the Internet 
100 via the identification mechanism 7. The home page server 
6 also shows home pages describing the histories of personal 
authentication collations and accesses to personal data. 

The identification mechanism 7 is connected to the home 
page server 6 using identification security measures such as 
cryptography or passwords so as to prevent third people's 
references. Thus, when the client terminal 3 is identified by 
the identification mechanism 7 , it can read out the histories 
of personal authentication collations and accesses to personal 
data by viewing the client ' s home page from the home page server 
6 through the Internet 100. 

FIG. 7 is a flowchart showing the process operation of the 
authentication server 1 in FIG. 6. The process operation of 
the personal authentication system according to the third 
embodiment of the present invention will be described with 
reference to FIG. 7. The steps in Figure 7 other than step S48 
are similar to steps Sll toS17 andS19 in FIG. 3, so the description 
of the operations of these steps is omitted. 

Once the request from the authentication terminal 4 has 
been completed, the authentication server 1 renews the contents 
of the home page with the results of the process, that is, the 
histories of personal authentication collations and accesses 
to personal data before displaying them (step S48 in FIG. 7). 
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This allows the latest data to be always displayed on the home 
page corresponding to the client . 

FIG. 8 is a flowchart showing the process operation of the 
authentication server according to a fifth embodiment of the 
present invention. The process operation of the authentication 
server according to the fifth embodiment of the present invention 
will be described with reference to FIG. 8. A personal 
authentication system according to the fifth embodiment of the 
present invention is an example of the application to store 
services of the personal authentication system according to the 
first embodiment of the present invention shown in FIG. 1, the 
personal authentication system according to the second 
embodiment of the present invention shown in FIG. 4, or the 
personal authentication system according to the fourth 
embodiment of the present invention shown in FIG. 6. The 
configuration and operation of this system are similar to those 
of the personal authentication systems according to the first 
to fourth embodiments, so the description of the configuration 
and operation is omitted. 

In the personal authentication system according to the fifth 
embodiment of the present invention , the authentication terminal 
4 is installed in a store so that the client can obtain a commodity 
or receive a service in this store. To pay the consideration 
for the commodity or service, the client collates personal 
authentication data such as his fingerprint, voiceprint, iris 
pattern, or password collated using the authentication terminal 
4 connected to the authentication server 1 via the communication 
line 100 such as the Internet, the authentication data being 
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previously registered in the database 2 of the authentication 
server 1 , and then requests the authentication server 1 to pay 
the consideration from the settling account registered in the 
authentication server 1 . The authentication server 1 identifies 
the client using data sent from the authentication terminal 4 
and then executes the payment process based on the sent request 

That is, if personal authentication data have been sent 
from the authentication terminal 4 (step S51 in FIG, 8), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S52 
in FIG. 8) to identify the client (step S53 in FIG. 8). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it notifies the authentication terminal 
4 that the client is unidentified (step S54 in FIG. 8). When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S55 in FIG. 8) . After detecting the match, the authentication 
server 1 pays the consideration from the settling account 
registered previously in the database 2 (step S56 in FIG. 8). 

Thus , if the client uses a service from a credit company 
to purchase a commodity or receive a service, the credit card, 
which is conventionally common, is not required. This avoids 
the situation where the client cannot receive the service because 
he fails to carry his credit card with him or loses it, thus 
preventing the abuse of the lost credit card. 

Further , if the client uses a service from a credit company 
to purchase a commodity or receive a service online via the 
Internet or the like, he is not required to input the number 
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of his credit card, the issued year and date, his password, or 
the like as in the prior art. This avoids the situation where 
the client cannot receive the service because he forgets these 
pieces of information. Additionally, since these pieces of 
5 information are not required, the abuse of the information by 
a third person is prevented. 

FIG. 9 is a flowchart showing the process operation of an 
authentication server according to a sixth embodiment of the 
present invention. The process operation of the authentication 

10 server according to the sixth embodiment of the present invention 
will be described with reference to FIG. 9. The configuration 
and operation of a personal authentication system according to 
the sixth embodiment of the present invention are an example 
of the application to transportation services of the personal 

15 authentication system according to the first embodiment of the 
present invention shown in FIG. 1, the personal authentication 
system according to the second embodiment of the present invention 
shown in FIG. 4 , or the personal authentication system according 
to the fourth embodiment of the present invention shown in FIG. 

20 6. The configuration and operation of this system are similar 
to those of the personal authentication systems according to 
the first to fourth embodiments, so the description of the 
configuration and operation is omitted. 

In the personal authentication system according to the sixth 

25 embodiment of the present invention, the authentication terminal 
4 is installed at a ticket gate of a public transportation facility . 
When passing through the ticket gate, the client undergoes the 



personal authentication in accordance with a procedure similar 
to that described above. 

If the client is authenticated by the authentication server 
1 as a result of its collation operation, the authentication 
terminal 4 automatically or manually permits the client to pass 
through the ticket gate. In addition, if the client enters the 
public transportation facility, the authentication terminal 
records the departing station, while if he leaves the public 
transportation facility, the authentication terminal pays the 
charge for the travel from a departing station to the arriving 
station, from the settling account registered previously in the 
database of the authentication server 1. The recording of the 
departing station, the calculation of the charge for the travel 
to the arriving station , and the like may additionally be executed 
by the authentication server 1 or may be executed by a server 
provided separately by the public transportation facility. 

That is, if personal authentication data have been sent 
from the authentication terminal 4 (step S61 in FIG. 9), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S62 
in FIG. 9) to identify the client (step S63 in FIG. 9). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it notifies the authentication terminal 
4 that the client is unidentified (step S64 in FIG. 9). When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S65 in FIG. 9) . 
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After detecting the match, the authentication server 1 
notifies the authentication terminal 4 that the client is allowed 
to pass through the ticket gate (step S66 in FIG. 9). If the 
client is to enter the facility through the ticket gate (step 
S67 in FIG. 9) , the authentication server 1 records the departing 
station (step S68 in FIG. 9). 

Additionally, if the client is determined not to enter the 
facility through the ticket gate (step S67 in FIG. 9), the 
authentication server 1 calculates the charge for the travel 
from the departing station to the arriving station and pays the 
charge from the settling account registered previously in the 
database 2 (step S69 in FIG. 9). 

This avoids the situation where the client cannot receive 
the service because he fails to carry his commuter pass or ticket 
with him or loses it , thus preventing the abuse of the lost commuter 
pass or ticket. 

Further, if the client uses a service from a credit company 
to receive the service from the public transportation facility, 
the credit card, which is conventionally common, is not required. 
This avoids the situation where the client cannot receive the 
service because he fails to carry his credit card with him or 
loses it. The abuse of the lost credit card is also prevented. 

FIG. 10 is a flowchart showing the process operation of 
an authentication server according to a seventh embodiment of 
the present invention. The process operation of the 
authentication server according to the seventh embodiment of 
the present invention will be described with reference to FIG. 
10 . The configuration and operation of a personal authentication 
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system according to the seventh embodiment of the present 
invention are an example of the application to public telephone 
services of the personal authentication system according to the 
first embodiment of the present invention shown in FIG. 1, the 
personal authentication system according to the second 
embodiment of the present invention shown in FIG. 4, or the 
personal authentication system according to the fourth 
embodiment of the present invention shown in FIG. 6. The 
configuration and operation of this system are similar to those 
of the personal authentication systems according to the first 
to fourth embodiments, so the description of the configuration 
and operation is omitted. 

In the personal authentication system according to the 
seventh embodiment of the present invention, the functions of 
the authentication terminal 4 are added to a public telephone. 
When using the public telephone , the client undergoes the personal 
authentication in accordance with a procedure similar to that 
described above. 

If the client is authenticated by the authentication server 
1 as a result of collation in the database 2 of the authentication 
server 1, the public telephone permits the use of a line. The 
public telephone also records the communication start time and 
the destination, and once the communication is ended, obtains 
the communication charge from the settling account registered 
previously in the database 2 of the authentication server 1 . 
The recording of the communication time and destination, the 
calculation of the communication charge, and the like may 
additionally be executed by the authentication server 1 or may 



be executed by a public telephone or a separate server connected 
to the public telephone. 

That is , if personal authentication data have been sent 
from the authentication terminal 4 (step S71 in FIG. 10), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S72 
in FIG. 10) to identify the client (step S73 in FIG. 10). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it notifies the authentication terminal 
4 that the client is unidentified (step S74 in FIG. 10). When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S75 in FIG. 10) . 

After detecting the match, the authentication server 1 
notifies the authentication terminal 4 that the client is allowed 
to use a line (step S76 in FIG. 10). If the communication is 
not ended (step S77 in FIG. 10), the authentication server 1 
records the communication start time and destination (step S78 
in FIG. 10) and returns to the determination of whether the 
communication is ended. 

Additionally, if the communication is ended (step S77 in 
FIG. 10), the authentication server 1 calculates the 
communication charge and pays the charge from the settling account 
registered previously in the database 2 (step S79 in FIG. 10) . 

In this manner, when the client uses a general public line 
service, he can pay the charge without depending on settlement 
using cash, a prepaid card, a credit card, or the like, which 
is conventionally common. This prevents the situation where 



- 25 - 



the client cannot use a line because he fails to carry his prepaid 
card or the like with him. Additionally, no prepaid or credit 
card is required, thus preventing the forgery or illegal use 
of such a card. 

FIG. 11 is a flowchart showing the process operation of 
an authentication server according to an eighth embodiment of 
the present invention. The process operation of the 
authentication server according to the eighth embodiment of the 
present invention will be described with reference to FIG. 11. 
The configuration and operation of a personal authentication 
system according to the eighth embodiment of the present invention 
are an example of the application to medical services of the 
personal authentication system according to the first embodiment 
of the present invention shown in FIG. 1, the personal 
authentication system according to the second embodiment of the 
present invention shown in FIG. 4 , or the personal authentication 
system according to the fourth embodiment of the present invention 
shown in FIG. 6. The configuration and operation of this system 
are similar to those of the personal authentication systems 
according to the first to fourth embodiments , so the description 
of the configuration and operation is omitted. 

In the personal authentication system according to the 
eighth embodiment of the present invention, the authentication 
terminal 4 is installed at a hospital clerk's window. At this 
window, the client undergoes the personal authentication in 
accordance with a procedure similar to that described above. 

If the client is authenticated by the authentication server 
1 as a result of collation in the database 2 of the authentication 



server 1 , the authentication terminal 4 automatically or manually 
provides the client ' s medical sheet and assigns the client to 
an appropriate doctor . After diagnosis or treatment , the client 
returns his medical sheet to the window and undergoes the personal 
authentication in accordance with a procedure similar to that 
described above. The client also pays the medical charges from 
the settling account registered previously in the database 2 
of the authentication server 1 . The calculation of the medical 
charges may additionally be executed by the authentication server 
1 or may be executed by a server provided separately by the 
hospital . 

That is, if personal authentication data have been sent 
from the authentication terminal 4 (step S81 in FIG. 11), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S82 
in FIG. 11) to identify the client (step S83 in FIG. 11). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it notifies the authentication terminal 
4 that the client is unidentified (step S84 in FIG. 11). When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S85 in FIG. 11) . 

After detecting the match and if the client must continue 
to be diagnosed or treated (step S86 in FIG. 11), the 
authentication server 1 obtains the client ' s medical sheet and 
make an appointment with his doctor (step S87 in FIG. 11). 

If the client no longer needs to be diagnosed or treated 
(step S86 in FIG. 11), the authentication server 1 calculates 



the medical charges and pays the charges from the settling account 
registered previously in the database 2 (step S88 in FIG- 11) . 

In this manner, when the client consults the doctor, no 
consultation card or the like which is issued specifically to 
the client by the hospital is required, thereby preventing the 
misappropriation of such a card or the forgery thereof leading 
to an abuse. Further, when the medical charges are to be paid, 
no credit card is required, thereby eliminating the need to carry 
such a card with the client . 

FIG. 12 is a flowchart showing the process operation of 
an authentication server according to a ninth embodiment of the 
present invention. The process operation of the authentication 
server according to the ninth embodiment of the present invention 
will be described with reference to FIG. 12. The configuration 
and operation of a personal authentication system according to 
the ninth embodiment of the present invention are an example 
of the application to government and municipal office services 
of the personal authentication system according to the first 
embodiment of the present invention shown in FIG. 1 , the personal 
authentication system according to the second embodiment of the 
present invention shown in FIG. 4 , or the personal authentication 
system according to the fourth embodiment of the present invention 
shown in FIG. 6 . The configuration and operation of this system 
are similar to those of the personal authentication systems 
according to the first to fourth embodiments, so the description 
of the configuration and operation is omitted. 

In the personal authentication system according to the ninth 
embodiment of the present invention , the authentication terminal 
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4 is installed at a government officer's window. If the client 
must be identified at this window, he undergoes the personal 
authentication in accordance with a procedure similar to that 
described above. 

Further, if the client must submit a document such as a 
copy of the certificate of residence, a copy of the portion of 
the client's family register which relates to him, or a copy 
of his family register for various governmental procedures for 
licenses, then this submission is additionally executed by the 
authentication server 1 or is executed by a server provided 
separately by the government office. 

That is, if personal authentication data have been sent 
from the authentication terminal 4 (step S91 in FIG. 12), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S92 
in FIG. 12) to identify the client (step S93 in FIG. 12). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it notifies the authentication terminal 
4 that the client is unidentified (step S94 in FIG. 12). When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S95 in FIG. 12) . 

Upon detecting this match, the authentication server 1 
permits the application for the license to be accepted , calculates 
the application fee, and pays the fee from the settling account 
registered previously in the database 2 (step S96 in FIG. 12) . 

In this manner, when the client applies to a government 
office for various licenses, he is not required to prepare a 



copy of the certificate of residence, a copy of the portion of 
the client's family register which relates to him, or a copy 
of his family register and can identify himself while 
simultaneously submitting these documents at the window* 

FIG. 13 is a flowchart showing the process operation of 
an authentication server according to a tenth embodiment of the 
present invention. The process operation of the authentication 
server according to the tenth embodiment of the present invention 
will be described with reference to FIG. 13. The configuration 
and operation of a personal authentication system according to 
the tenth embodiment of the present invention are an example 
of the application to facility usage services of the personal 
authentication system according to the first embodiment of the 
present invention shown in FIG. 1, the personal authentication 
system according to the second embodiment of the present invention 
shown in FIG. 4 , or the personal authentication system according 
to the fourth embodiment of the present invention shown in FIG. 
6. The configuration and operation of this system are similar 
to those of the personal authentication systems according to 
the first to fourth embodiments, so the description of the 
configuration and operation is omitted. 

In the personal authentication system according to the tenth 
embodiment of the present invention , the authentication terminal 
4 is installed in various service providing facilities such as 
libraries or sports gyms. At a reception of the facility, the 
client undergoes the personal authentication in accordance with 
a procedure similar to that described above. 
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If a charge process is required based on the management 
of the facility use time , borrowed books , or the like , the charges 
are paid from the settling account registered previously in the 
database 2 of the authentication server 1 . The management of 
the facility use time, borrowed books , or the like may additionally 
be executed by the authentication server 1 or may be executed 
by a server provided separately by the service providing facility . 

That is, if personal authentication data have been sent 
from the authentication terminal 4 (step S101 in FIG. 13), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S102 
in FIG. 13) to identify the client (step S103 in FIG. 13). 

When the authentication server 1 detects a mismatch in this 
personal authentication , it notifies the authentication terminal 
4 that the client is unidentified (step S104 in FIG. 13) . When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S105 in FIG. 13) . 

When this match is detected and if the client is to enter 
the service providing facility such as a library or a sports 
gym (step S106 in FIG. 13) , the authentication server 1 permits 
the client to enter the service providing facility and records 
the entry time (step S107 in FIG. 13). 

If the client is not to enter the service providing facility 
such as a library or a sports gym (step S106 in FIG. 13), the 
authentication server 1 determines whether the client has used 
a pay service (step S108 in FIG. 13). In this case, the 



- 31 - 



authentication server 1 may record the use each time the client 
used a pay service. 

The authentication server 1 calculates the service charge 
if the client has used a pay service and pays the service charge 
from the settling account registered previously in the database 
2 (step S109 in FIG. 13). 

In this manner, if the client uses various service providing 
facilities, he is not required to carry with him a membership 
card or the like which is issued by each service facility. This 
avoids the situation where the client cannot receive the service 
because he fails to carry his membership card or the like with 
him or loses it. 

The above management of entries to and exits from various 
service providing facilities is applicable to private or 
corporate premises, facilities, or the like for which entries 
and exits are limited. In this case , the authentication terminal 
4 may be installed at the entrance to or the exit from private 
or corporate premises , facilities , or the like for which entries 
or exits are limited. In this case, the client undergoes the 
personal authentication in accordance with a procedure similar 
to that described above before entering or leaving the facility. 

Additionally, the point of time when clients enter or leave 
the facility, the amount of time that the clients are in the 
facility , the number of clients who are currently in the facility , 
or the like are managed as required. This management may 
additionally be executed by the authentication server 1 or may 
be executed by a server provided separately by each facility. 
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In this manner, when the above configuration and operation 
are applied to entries to or exist from facilities for which 
the entries or exits are limited, the client is not required 
to present his entrance permit, ID card, or the like, thereby 
5 avoiding the situation where the client cannot enter or leave 
the facility because he fails to carry such a card with him or 
loses it* Further, a third person is prevented from illegally 
entering or leaving the facility if the card is lost or stolen. 
FIG. 14 is a flowchart showing the process operation of 

10 an authentication server according to an eleventh embodiment 
of the present invention. The process operation of the 
authentication server according to the eleventh embodiment of 
the present invention will be described with reference to FIG. 
14 . The configuration and operation of a personal authentication 

15 system according to the eleventh embodiment of the present 
invention are an example of the application to document issuance 
and registration services of the personal authentication system 
according to the first embodiment of the present invention shown 
in FIG. 1, the personal authentication system according to the 

20 second embodiment of the present invention shown in FIG. 4, or 
the personal authentication system according to the fourth 
embodiment of the present invention shown in FIG. 6. The 
configuration and operation of this system are similar to those 
of the personal authentication systems according to the first 

25 to fourth embodiments, so the description of the configuration 
and operation is omitted. 

In the personal authentication system according to the 
eleventh embodiment of the present invention , the authentication 
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terminal 4 is installed at a city or ward officer's window for 
various procedures such as the issuance of a copy of the 
certificate of residence, a copy of the portion of the client's 
family register which relates to him, or a copy of his family 
register. At such a window, the client may not be strictly 
identified, causing procedures such as document issuance and 
registrations to be unfairly executed. Unfair processes can 
be eliminated by applying the present invention to these process 
operations. In this case, if the client must be identified at 
the window, the personal authentication is conducted in 
accordance with a procedure similar to that described above. 

Further, the issuance documents such as a copy of the 
certificate of residence, a copy of the portion of the client's 
family register which relates to him, or a copy of his family 
register as well as registrations may additionally be executed 
by the authentication server 1 or may be executed by a server 
provided separately by the city or ward office. 

That is, if personal authentication data have been sent 
from the authentication terminal 4 (step Sill in FIG. 14), the 
authentication server 1 collates the sent data against the 
previously registered personal authentication data (step S112 
in FIG. 14) to identify the client (step S113 in FIG. 14). 

When the authentication server 1 detects a mismatch in this 
personal authentication, it notifies the authentication terminal 
4 that the client is unidentified (step S114 in FIG. 14) . When 
the authentication server 1 detects a match, it notifies the 
authentication terminal 4 that the client is identified (step 
S115 in FIG. 14) . 
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When this match is detected and if the request is for the 
registration of the client's change of address or his seal (step 
S116 in FIG. 14 ) , the authentication server 1 executes the process 
corresponding to the request for the registration of the client ' s 
change of address or his seal (step S117 in FIG. 14). 

If request is not for the registration of the client ' s change 
of address or his seal (step S116 in FIG. 14) , the authentication 
server 1 determines that a document such as a copy of the portion 
of the client's family register which relates to him, or a copy 
of his family register is to be issued, and issues this document . 
The authentication server 1 then calculates the fee and pays 
it from the settling account registered previously in the database 
2 (step S118 in FIG. 14). 

This prevents the illegal issuance of a document such as 
a copy of the portion of the client ' s family register which relates 
to him , or a copy of his family register or the illegal registration 
of the client's change of address or his seal, thus eliminating 
the need to carry with the client his ID card such as his driver ' s 
license which authenticates him, or his registration card. This 
avoids the situation where the client cannot receive the service 
because he fails to carry his ID card or the like with him or 
loses it. 

FIG. 15 is a flowchart showing the process operation of 
an authentication server according to a twelfth embodiment of 
the present invention. The configuration of the authentication 
server and the program for controlling the operation of the 
authentication server according to the twelfth embodiment of 
the present invention will be described with reference to FIG. 
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15. Referring to FIG. 15, the authentication server 1 comprises 
a CPU (Central Processing Unit) 11 and a program 12. The CPU 
11 controls the authentication server 1 in accordance with the 
program 12. The latter is configured as shown in the flowchart 
in FIG. 2, 3, 5, and 7 to 14. That is, the program 12 controls 
the authentication server 1 to execute the above described 
process . 

As described above, the present invention provides a 
personal authentication system for connecting, via a 
communication line , an authentication server for authenticating 
a client to identify the client to an authentication terminal 
for inputting authentication information required for said 
personal authentication and previously registered, wherein the 
system has a database arranged therein, for storing at least 
personal authentication data required for said personal 
authentication , settling account information required to process 
charges , and data required to receive various services , and the 
authentication server collates the authentication information 
input from the authentication terminal via the communication 
terminal, against the personal authentication data stored in 
said database to identify client , processes charges based on 
the settling account information registered in the database based 
on a request from the authentication terminal when the client 
is authenticated during the identification, and provides, 
registers, and manages personal data registered beforehand in 
the database based on a request from the authentication terminal 
when the client is authenticated during the identification and 
periodically communicating a collation history, a personal data 
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usage history, and a charge process history. This avoids the 
situation where the client cannot receive the service because 
he fails to carry his card or the like with his or loses it , 
thereby preventing the abuse of the card or the like by a third 
person and the leakage of the personal information. 



